Ctrlk

Microsoft Intune Integration

The integration between Microsoft Intune and Asset Panda Pro streamlines device and asset tracking and management. The integration supports the following types of actions:

  • Retiring devices (removing them from the system while retaining historical records)

  • Wiping data (without affecting Asset Panda Pro)

  • Deleting devices (removing them from both Intune and Asset Panda)

  • Remotely locking devices

The integration ensures smooth data synchronization and accurate asset management across both platforms.

You must perform the following steps to integrate Microsoft Intune with Asset Panda Pro and streamline your asset management process:

  1. Enable Microsoft Intune Integration: Connect your Microsoft Intune account to Asset Panda to fetch device data.

  2. Configure Asset Panda Integration: Map the Intune device data fields within Asset Panda for accurate synchronization.

  3. Sync Devices and Data: Sync your devices from Intune to Asset Panda, ensuring real-time updates and accurate tracking.

Prerequisites

  • Active Asset Panda subscription

  • Microsoft Azure Active Directory (AAD) deployment within your organization

  • Administrator access to both Microsoft Azure and Asset Panda platforms

  • Required permissions to register applications, generate secrets, and grant API access in Azure

  • Relevant collections and fields in Asset Panda Pro. If data is synced into a non-existent field, the integration may not be completed successfully.

It is strongly recommended that one Microsoft Intune field contain unique values that directly match a corresponding field in Asset Panda Pro. A common best practice is to use the Serial Number field as a unique match, assuming it’s already tracked and marked unique in Asset Panda. This prevents duplication by ensuring that synced devices update existing records instead of creating new ones.

Key fields and options

  • Device Type: Sync and import assets based on their specific type.

  • Device Configuration: Track devices as "Company Owned" or "Company Managed."

  • Asset Panda Management: Manage synced devices within Asset Panda for real-time updates and consistency.

Set up Microsoft Intune

Register a new application in Azure

  1. In a web browser, go to the Azure Portal.

  2. Sign in using your Azure administrator credentials.

  3. In the search bar, enter App Registrations and select it from the results.

  4. Click New Registration.

  5. Enter a name for your application (for example, Intune Integration).

  6. Under Supported account types, select Accounts in this organizational directory only (Single tenant).

  7. Click Register to create the application.

Retrieve required IDs

  1. After registration, go to the Application Overview page.

  2. Copy the following values for later use:

    • Application (Client) ID

    • Directory (Tenant) ID

    • Object ID

Generate the client secret

  1. In the navigation pane, select Certificates & Secrets.

  2. Under Client secrets, click New client secret.

  3. In the Description field, enter a name (for example, Intune Secret).

  4. Under Expires, select a validity period (for example, 6 months or 1 year).

  5. Click Add to generate the client secret.

  6. Copy the Value (not the Secret ID).

The secret value is only displayed once. Store it safely for later use.

Assign API permissions in Azure

To allow integration with Intune, the application needs API permissions.

  1. In a web browser, go to the Azure Portal.

  2. In the navigation pane, select API Permissions. The default User.Read permission should already be listed.

  3. Click Add a permission.

  4. In the Request API permissions window, select Microsoft Graph.

  5. Click Application Permissions.

  6. Expand DeviceManagementManagedDevices and select:

    • User.Read.All

    • Group.Read.All

    • DeviceManagementManagedDevices.PrivilegedOperations.All

    • DeviceManagementManagedDevices.ReadWrite.All

  7. Expand DeviceManagementApps and select:

    • DeviceManagementApps.Read.All

  8. Click Add Permissions.

Grant Admin consent

  1. On the API Permissions page, click Grant admin consent for <your tenant name>. A confirmation message is displayed. Click Yes.

  2. Ensure that the Status column for all permissions shows Granted.

The following details are required when setting up Asset Panda integration with Microsoft Intune:

  • Application (Client) ID: Used as Client ID in Asset Panda.

  • Directory (Tenant) ID: Used as Tenant ID in Asset Panda.

  • Object ID: Used as Application Object ID in Asset Panda.

  • Client Secret (Value): Used as Client Secret in Asset Panda.

Set up the Microsoft Intune integration in Asset Panda Pro

  1. Log into Asset Panda Pro with an administrator account

  2. Navigate to Settings icon Settings > Account Management.

  3. Expand the appropriate account and module.

  4. Click Manage in the Integrations card.

  5. Select Integrations Store.

  6. In the Microsoft Intune tile, click Add. The Integrations in this module tab is displayed.

  7. In the Microsoft Intune tile, click Configure.

  8. Enter the required credentials that were copied when you set up Microsoft Intune:

    • Client ID

    • Client Secret

    • Application Object ID

    • Tenant ID

  9. Click Test and Save Connection to verify authentication.

  10. Click Continue with mapping.

  11. Provide a Mapping Name.

  12. Select the relevant Asset Panda collection to receive the data.

  13. Select the appropriate external entity from Microsoft Intune.

  14. In the Mapping section, map the Asset Panda field from Microsoft Intune to the relevant column in your Asset Panda Pro collection. See Configure data mapping and filtering.

  15. Click Save.

Configure data mapping and filtering

During integration, Microsoft Intune fields must be mapped to corresponding Asset Panda fields to ensure accurate data synchronization. Proper mapping prevents duplication and ensures that device records are updated correctly within Asset Panda.

Unique Identifiers

A unique identifier is a field that remains constant and is distinct for each record, ensuring accurate data syncing and preventing duplicates between Microsoft Intune and Asset Panda. Common examples include Intune Device ID or Serial Number, depending on the type of data being mapped. For example:

  • Use Intune Device ID for most environments, as it is system-assigned and consistent.

  • Use Serial Number if your organization tracks it as a unique field in Asset Panda and it is reliably populated.

Do not use fields like Device Name, User Email, or Compliance Status, because they can change over time or may not be unique, leading to sync errors.

Setting up an automation ensures data stays up to date by syncing records at scheduled intervals.

Microsoft Intune fields

Field Name
Description
Mapping & Filtering Guidance

Intune Device ID

A unique, system-assigned identifier for each Intune-managed device.

Recommended as the Unique Identifier for matching records.

Serial Number

Manufacturer-assigned serial number of the device.

Can be used as a Unique Identifier if consistently populated and marked unique in Asset Panda.

IMEI

Identifier for mobile/cellular devices.

Optional; applicable mainly to mobile devices. May be blank for desktops.

MEID

Alternate mobile device ID.

Similar use as IMEI. Use only if populated reliably.

Wi-Fi MAC

MAC address of the device's wireless interface.

Optional; may not be consistently available or unique.

EAS Device ID

Exchange ActiveSync identifier.

Typically used in Exchange environments only.

Device Name

User-assigned or system-generated device name.

Not suitable as a Unique Identifier. May change over time.

Primary User Name

Username of the device’s primary user.

Useful for reference; not for identity matching.

Primary User Email

Email of the device’s primary user.

Use for reporting; avoid using as a Unique Identifier.

User Display Name

Full name of the assigned user.

Display-only value. Not unique or stable.

User Principal Name (UPN)

Azure AD login name (e.g., [email protected]).

Good for user tracking. Not unique to the device.

User ID

Azure AD object ID of the user.

Tied to the user, not the device. Avoid for device-level identity.

Phone Number

Phone number linked to the device.

Often blank or reused. Not reliable for matching.

Ownership

Indicates if device is corporate or personal.

Use for filtering by ownership type.

Device Manufacturer

Brand/vendor of the hardware (e.g., Apple, Dell).

Use for categorization or filtering. Not unique.

Model

Device model (e.g., iPhone 13, Dell XPS).

Useful for classification. Not recommended for identity matching.

OS / OS Version

Operating system and version installed.

Use for grouping or reporting. Not a unique value.

Compliance

Device compliance status based on Intune policies.

Use for filtering compliant vs non-compliant devices.

Category

Custom label defined in Intune.

Optional metadata; use as needed for filtering.

Device Enrollment Type

Method used for enrollment (e.g., manual, automatic).

Use for filtering enrollment method.

Device Registration State

Registration status in Entra ID.

Informational. Do not use for identity.

Management Agent

Agent type used to manage the device.

Use for internal classification.

Microsoft Entra Registered

Indicates if device is registered in Microsoft Entra ID.

Boolean value; not suitable as Unique Identifier.

Partner Threat State

Threat level reported from partner solutions.

Use for security reporting; not identity.

Encrypted / Supervised / Jailbroken

Security posture indicators.

Use for compliance visibility. Not identity fields.

EAS Activation Date

Date when Exchange ActiveSync was activated.

Timestamp field. Not stable.

Free / Total Storage Space

Storage metrics in bytes.

Volatile fields. Use for reporting only.

Last Successful Sync Date

Timestamp of last successful sync with Intune.

Changing value. Do not use for matching.

PreviousKandji IntegrationNextRecord Management

Last updated